--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-56456406e2
2024-12-12 01:33:19.386749+00:00
--------------------------------------------------------------------------------

Name        : scap-security-guide
Product     : Fedora 41
Version     : 0.1.75
Release     : 1.fc41
URL         : https://github.com/ComplianceAsCode/content/
Summary     : Security guidance and baselines in SCAP formats
Description :
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is
specified in the Security Content Automation Protocol (SCAP) format and
constitutes a catalog of practical hardening advice, linked to government
requirements where applicable. The project bridges the gap between generalized
policy requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.

--------------------------------------------------------------------------------
Update Information:

Important Highlights

- Add new product kylinserver10 (#12393)
- Create OL10 product (#12290)
- Update PCI-DSS control file for version 4.0.1 (#12435)

New Rules and Profiles

- [New Rule] Package kea removed (#12464)
- Add Ism profile for ol8 (#12493)
- Add Ism profile to OL9 (#12346)
- Create CIS rules for login banners (#12472)
- New rule tftp_uses_secure_mode_systemd (#12436)
- Update chrony rules for RHEL 10 (#12415)
- Update RHEL 9 STIG to V2R2 (#12551)

Changes in Remediations

- Add ansible remediation configure_bind_crypto_policy (#12325)
- Add ansible remediation to ensure_oracle_gpgkey_installed rule (#12323)
- Add ansible remediation to mount_option_home template (#12546)
- Add ansible remediation for rsyslog_cron_logging rule (#12326)
- Add insensitive option to ansible_lineinfile macro (#12314)
- Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
- Add rule security_patches_up_to_date to SLE Micro 5 STIG profile (#12506)
- Add rules to support remote offload of journal logs (#12479)
- Add support for XCCDF variables into sshd_lineinfile template (#12251)
- Added remediation and tests for the rule permissions_local_var_log_audit (#12360)
- Avoid tmpfiles override (#12218)
- Bring bash version in-sync with Ansible (#12398)
- Change flags cleanup (#12397)
- Create CIS rules for login banners (#12472)
- Don't autoremove packages on dnf package uninstall (#12389)
- Fix "unknown predicate -L" (#12305)
- Fix ansible remediation for audispd plugin UBTU-20-010216 (#12293)
- Skip users with ID above UID MAX on accounts_user_interactive_home_directory_defined (#12527)
- SLE15 related fixes in ntp and aide rules (#12548)
- Slmicro5 stig add accounts and software rules support (#12364)
- Update ansible remediation to harden_sshd_ciphers_openssh_conf_crypto_policy rule (#12324)
- Update bash remediation to fix bug into account_disable_inactivity* (#12134)
- Update remediation for firewalld_sshd_port_enabled (#12522)
- Update select rules for RHEL not to modify systemd units in /usr (#12486)
- Update SLE12 STIG version to V3R1 (#12580)
- Update SLE15 STIG version to V2R2 (#12570)

Changes in Checks

- Add "is_substring" variable to grub2_bootloader_argument template (#12308)
- Add OL9 into installed_OS_is_vendor_supported (#12333)
- Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
- Add support for XCCDF variables into sshd_lineinfile template (#12251)
- convert more rules to sshd_lineinfile template (#12301)
- Create CIS rules for login banners (#12472)
- enhance the grub2_argument template to cover more use cases (#12375)
- Fix Audit related rules in RHEL 10 (#12359)
- Fix inventory_test_kernel_installed for SLE (#12516)
- Remove redundant sshd oval macro (#12532)
- Slmicro5 stig add accounts and software rules support (#12364)
- Update SLE15 STIG version to V2R2 (#12570)

Removed Products

- Remove uos20 (#12248)

Fixed Bugs

- Remove installed_OS_is_FIPS_certified from sshd_use_approved_ciphers (#12242)
- firewalld_sshd_port_enabled add zone to all connections (#12256)
- Create CIS rules for login banners (#12472)
- Disable sysctl_kernel_modules_disabled Ansible remediation (#12514)
- Explicitly state FindOpenSCAP cmake so it loads before it's used. (#12538)
- Extend mount_option_nodev_nonroot_local_partitions (#12270)
- Fix crypto policy selection rhel10 (#12466)
- Fix references section in the workshop artificial rule data. (#12261)
- Fix title of var_networkmanager_dns_mode (#12258)
- Remove enable_dracut_fips_module from RHEL 10 profiles (#12467)
- Two CIS RHEL 9 enhancements (#12453)
- Update Account Home Folder Rules (#12465)
- Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost (#12549)
- Update Regex for sudoers_explicit_command_args (#12350)
- Update SLE15 STIG version to V2R1 (#12269)

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 14 2024 Matthew Burket <mburket@xxxxxxxxxx> - 0.1.75-1
- Update to latest upstream release
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.75

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2303894 - scap-security-guide-0.1.75 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2303894

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-56456406e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------